From 23927711c1579c17f885a7a40a0ba595e08930a4 Mon Sep 17 00:00:00 2001
From: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
Date: Fri, 24 Feb 2017 17:05:29 +0000
Subject: Stop using SHA-1 for generated filenames.

---
 poezio/xhtml.py | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

(limited to 'poezio/xhtml.py')

diff --git a/poezio/xhtml.py b/poezio/xhtml.py
index 6ab48733..8b191ad2 100644
--- a/poezio/xhtml.py
+++ b/poezio/xhtml.py
@@ -12,10 +12,10 @@ xhtml code to shell colors,
 poezio colors to xhtml code
 """
 
-import base64
 import curses
 import hashlib
 import re
+from base64 import b64encode, b64decode
 from os import path
 from slixmpp.xmlstream import ET
 from urllib.parse import unquote
@@ -292,6 +292,11 @@ def parse_css(css):
 def trim(string):
     return re.sub(whitespace_re, ' ', string)
 
+def get_hash(data: bytes) -> bytes:
+    # Currently using SHA-256, this might change in the future.
+    # base64 gives shorter hashes than hex, so use that.
+    return b64encode(hashlib.sha256(data).digest()).rstrip(b'=')
+
 class XHTMLHandler(sax.ContentHandler):
     def __init__(self, force_ns=False, tmp_dir=None, extract_images=False):
         self.builder = []
@@ -349,8 +354,8 @@ class XHTMLHandler(sax.ContentHandler):
         elif name == 'img':
             if re.match(xhtml_data_re, attrs['src']) and self.extract_images:
                 type_, data = [i for i in re.split(xhtml_data_re, attrs['src']) if i]
-                bin_data = base64.b64decode(unquote(data))
-                filename = hashlib.sha1(bin_data).hexdigest() + '.' + type_
+                bin_data = b64decode(unquote(data))
+                filename = get_hash(bin_data) + '.' + type_
                 filepath = path.join(self.tmp_dir, filename)
                 if not path.exists(filepath):
                     try:
-- 
cgit v1.2.3